Collaborate Disseminate
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year,
The post Notepad++ secures update channel in wake of supply chain compromise appeared first on Help Net Security.
Continue reading Notepad++ secures update channel in wake of supply chain compromise
Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised? Researchers at ETH Zurich and Università della Svizzera italiana set out to answer th… Continue reading Design weaknesses in major password managers enable vault attacks, researchers say
Peter Steinberger, the Austrian software developer who vibe coded the popular OpenClaw autonomous AI agent, has joined OpenAI. “My next mission is to build an agent that even my mum can use. That’ll need a much broader change, a lot more thought … Continue reading OpenClaw creator Peter Steinberger joins OpenAI
Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said. About CVE-2026-2441 CVE-2026… Continue reading Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value befo… Continue reading Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows s… Continue reading Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow att… Continue reading Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is automated scanning for vulnerable systems, but accordin… Continue reading Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass” zero-days Among the zero-days fixed are three vulnerabilities … Continue reading Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026
Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. An advanced persistent threat group known as UNC3886 has probed deep into th… Continue reading Singapore telcos breached in China-linked cyber espionage campaign